diff --git a/go/cmd/dolt/commands/sqlserver/server.go b/go/cmd/dolt/commands/sqlserver/server.go index 9374608c37e..be2ca4442f1 100644 --- a/go/cmd/dolt/commands/sqlserver/server.go +++ b/go/cmd/dolt/commands/sqlserver/server.go @@ -376,9 +376,6 @@ func ConfigureServices( // instead of dolt db initialization, because we only want to create the privileges database when it's // used for a server, and because we want the same root initialization logic when a sql-server is started // for a clone. More details: https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/default-privileges.html - // - // NOTE: The MySQL root user is created for host 'localhost', not any host ('%'). We could do the same here, - // but it seems like it would cause problems for users who want to connect from outside of Docker. InitImplicitRootSuperUser := &svcs.AnonService{ InitF: func(ctx context.Context) error { // If privileges.db has already been initialized, indicating that this is NOT the @@ -395,9 +392,8 @@ func ConfigureServices( ed := mysqlDb.Editor() defer ed.Close() - // If no ephemeral superuser has been configured and root user initialization wasn't skipped, - // then create a root@localhost superuser. - if !serverConfig.UserIsSpecified() && !config.SkipRootUserInitialization { + // Create the root@localhost superuser, unless --skip-root-user-initialization was specified + if !config.SkipRootUserInitialization { // Allow the user to override the default root host (localhost) and password (""). // This is particularly useful in a Docker container, where you need to connect // to the sql-server from outside the container and can't rely on localhost. @@ -436,26 +432,6 @@ func ConfigureServices( } controller.Register(InitImplicitRootSuperUser) - // Add an ephemeral superuser if one was requested - InitEphemeralSuperUser := &svcs.AnonService{ - InitF: func(context.Context) error { - mysqlDb := sqlEngine.GetUnderlyingEngine().Analyzer.Catalog.MySQLDb - ed := mysqlDb.Editor() - - userSpecified := config.ServerUser != "" - if userSpecified { - superuser := mysqlDb.GetUser(ed, config.ServerUser, "%", false) - if superuser == nil { - mysqlDb.AddEphemeralSuperUser(ed, config.ServerUser, "%", config.ServerPass) - } - } - ed.Close() - - return nil - }, - } - controller.Register(InitEphemeralSuperUser) - var metListener *metricsListener InitMetricsListener := &svcs.AnonService{ InitF: func(context.Context) (err error) { diff --git a/go/cmd/dolt/commands/sqlserver/server_test.go b/go/cmd/dolt/commands/sqlserver/server_test.go index f21c5798ec2..8482142bf1c 100644 --- a/go/cmd/dolt/commands/sqlserver/server_test.go +++ b/go/cmd/dolt/commands/sqlserver/server_test.go @@ -75,8 +75,6 @@ func TestServerArgs(t *testing.T) { StartServer(context.Background(), "0.0.0", "dolt sql-server", []string{ "-H", "localhost", "-P", "15200", - "-u", "username", - "-p", "password", "-t", "5", "-l", "info", "-r", @@ -93,6 +91,27 @@ func TestServerArgs(t *testing.T) { assert.NoError(t, err) } +func TestDeprecatedUserPasswordServerArgs(t *testing.T) { + controller := svcs.NewController() + dEnv, err := sqle.CreateEnvWithSeedData() + require.NoError(t, err) + defer func() { + assert.NoError(t, dEnv.DoltDB.Close()) + }() + err = StartServer(context.Background(), "0.0.0", "dolt sql-server", []string{ + "-H", "localhost", + "-P", "15200", + "-u", "username", + "-p", "password", + "-t", "5", + "-l", "info", + "-r", + }, dEnv, dEnv.FS, controller) + require.Error(t, err) + require.Contains(t, err.Error(), "--user and --password have been removed from the sql-server command.") + require.Contains(t, err.Error(), "Create users explicitly with CREATE USER and GRANT statements instead.") +} + func TestYAMLServerArgs(t *testing.T) { const yamlConfig = ` log_level: info diff --git a/go/cmd/dolt/commands/sqlserver/sqlserver.go b/go/cmd/dolt/commands/sqlserver/sqlserver.go index cef25425592..1351226c5e6 100644 --- a/go/cmd/dolt/commands/sqlserver/sqlserver.go +++ b/go/cmd/dolt/commands/sqlserver/sqlserver.go @@ -39,7 +39,6 @@ const ( hostFlag = "host" portFlag = "port" skipRootUserInitialization = "skip-root-user-initialization" - passwordFlag = "password" timeoutFlag = "timeout" readonlyFlag = "readonly" logLevelFlag = "loglevel" @@ -163,9 +162,9 @@ func (cmd SqlServerCmd) ArgParserWithName(name string) *argparser.ArgParser { ap.SupportsString(configFileFlag, "", "file", "When provided configuration is taken from the yaml config file and all command line parameters are ignored.") ap.SupportsString(hostFlag, "H", "host address", fmt.Sprintf("Defines the host address that the server will run on. Defaults to `%v`.", serverConfig.Host())) ap.SupportsUint(portFlag, "P", "port", fmt.Sprintf("Defines the port that the server will run on. Defaults to `%v`.", serverConfig.Port())) - ap.SupportsString(commands.UserFlag, "u", "user", fmt.Sprintf("Defines the server user. Defaults to `%v`. This should be explicit if desired.", serverConfig.User())) + ap.SupportsString(commands.UserFlag, "u", "user", "This option is no longer supported. Instead, you can create users using CREATE USER and GRANT SQL statements.") ap.SupportsFlag(skipRootUserInitialization, "", "Skips the automatic creation of a default root super user on the first launch of a SQL server.") - ap.SupportsString(passwordFlag, "p", "password", fmt.Sprintf("Defines the server password. Defaults to `%v`.", serverConfig.Password())) + ap.SupportsString("password", "p", "password", "This option is no longer supported. Instead, you can create users using CREATE USER and GRANT SQL statements.") ap.SupportsInt(timeoutFlag, "t", "connection timeout", fmt.Sprintf("Defines the timeout, in seconds, used for connections\nA value of `0` represents an infinite timeout. Defaults to `%v`.", serverConfig.ReadTimeout())) ap.SupportsFlag(readonlyFlag, "r", "Disable modification of the database.") ap.SupportsString(logLevelFlag, "l", "log level", fmt.Sprintf("Defines the level of logging provided\nOptions are: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. Defaults to `%v`.", serverConfig.LogLevel())) @@ -235,6 +234,12 @@ func validateSqlServerArgs(apr *argparser.ArgParseResults) error { if multiDbDir { cli.PrintErrln("WARNING: --multi-db-dir is deprecated, use --data-dir instead") } + _, userSpecified := apr.GetValue(commands.UserFlag) + if userSpecified { + return fmt.Errorf("ERROR: --user and --password have been removed from the sql-server command. " + + "Create users explicitly with CREATE USER and GRANT statements instead.") + } + return nil } @@ -373,15 +378,6 @@ func getServerConfig(cwdFS filesys.Filesys, apr *argparser.ArgParseResults, data return nil, err } - // if command line user argument was given, override the config file's user and password - if user, hasUser := apr.GetValue(commands.UserFlag); hasUser { - if wcfg, ok := cfg.(servercfg.WritableServerConfig); ok { - pass, _ := apr.GetValue(passwordFlag) - wcfg.SetUserName(user) - wcfg.SetPassword(pass) - } - } - if connStr, ok := apr.GetValue(goldenMysqlConn); ok { if yamlCfg, ok := cfg.(servercfg.YAMLConfig); ok { cli.Println(connStr) diff --git a/go/libraries/doltcore/servercfg/yaml_config.go b/go/libraries/doltcore/servercfg/yaml_config.go index 2aefec9248f..8a2b711bb8c 100644 --- a/go/libraries/doltcore/servercfg/yaml_config.go +++ b/go/libraries/doltcore/servercfg/yaml_config.go @@ -260,10 +260,6 @@ func ServerConfigSetValuesAsYAMLConfig(cfg ServerConfig) *YAMLConfig { DoltTransactionCommit: zeroIf(ptr(cfg.DoltTransactionCommit()), !cfg.ValueSet(DoltTransactionCommitKey)), EventSchedulerStatus: zeroIf(ptr(cfg.EventSchedulerStatus()), !cfg.ValueSet(EventSchedulerKey)), }, - UserConfig: UserYAMLConfig{ - Name: zeroIf(ptr(cfg.User()), !cfg.ValueSet(UserKey)), - Password: zeroIf(ptr(cfg.Password()), !cfg.ValueSet(PasswordKey)), - }, ListenerConfig: ListenerYAMLConfig{ HostStr: zeroIf(ptr(cfg.Host()), !cfg.ValueSet(HostKey)), PortNumber: zeroIf(ptr(cfg.Port()), !cfg.ValueSet(PortKey)), diff --git a/integration-tests/bats/branch-control.bats b/integration-tests/bats/branch-control.bats index bb75b8f26c0..3dfad66114f 100644 --- a/integration-tests/bats/branch-control.bats +++ b/integration-tests/bats/branch-control.bats @@ -16,6 +16,7 @@ setup_test_user() { dolt sql -q "create user test identified by ''" dolt sql -q "grant all on *.* to test" dolt sql -q "delete from dolt_branch_control where user='%'" + SQL_USER=test } @test "branch-control: fresh database. branch control tables exist" { diff --git a/integration-tests/bats/cli-hosted.bats b/integration-tests/bats/cli-hosted.bats index 0e293c3dd56..29aff494144 100644 --- a/integration-tests/bats/cli-hosted.bats +++ b/integration-tests/bats/cli-hosted.bats @@ -22,7 +22,8 @@ setup() { # creation is done here. We may want to move this to helper/query-server-common.bash later. PORT=$( definePORT ) DOLT_CLI_PASSWORD="d01t" - dolt sql-server --host 0.0.0.0 --port=$PORT --user="dolt" --password=$DOLT_CLI_PASSWORD --socket "dolt.$PORT.sock" & + dolt sql -q "create user dolt@'%' identified by '$DOLT_CLI_PASSWORD'; grant all on *.* to dolt@'%'" + dolt sql-server --host 0.0.0.0 --port=$PORT --socket "dolt.$PORT.sock" & SERVER_PID=$! # Also, wait_for_connection code is pulled in here and replaced with a use of `dolt sql` instead. This @@ -33,7 +34,7 @@ setup() { end_time=$((SECONDS+($timeout/1000))) while [ $SECONDS -lt $end_time ]; do - run dolt --no-tls --host localhost --port $PORT -u "dolt" sql -q "SELECT 1;" + run dolt --no-tls --host localhost --port $PORT sql -q "SELECT 1;" if [ $status -eq 0 ]; then echo "Connected successfully!" break diff --git a/integration-tests/bats/events.bats b/integration-tests/bats/events.bats index f8e4d2a849d..1e9a516d2c8 100644 --- a/integration-tests/bats/events.bats +++ b/integration-tests/bats/events.bats @@ -12,9 +12,9 @@ make_test_repo_and_start_server() { export DOLT_EVENT_SCHEDULER_PERIOD=1 start_sql_server - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db information_schema sql -q "CREATE DATABASE repo1;" - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db repo1 sql -q "CREATE TABLE totals (id int PRIMARY KEY AUTO_INCREMENT, int_col int);" - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db repo1 sql -q "call dolt_commit('-Am', 'creating table');" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db information_schema sql -q "CREATE DATABASE repo1;" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db repo1 sql -q "CREATE TABLE totals (id int PRIMARY KEY AUTO_INCREMENT, int_col int);" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db repo1 sql -q "call dolt_commit('-Am', 'creating table');" } setup() { diff --git a/integration-tests/bats/helper/query-server-common.bash b/integration-tests/bats/helper/query-server-common.bash index cf9e05aef89..8683b2ee4db 100644 --- a/integration-tests/bats/helper/query-server-common.bash +++ b/integration-tests/bats/helper/query-server-common.bash @@ -4,7 +4,7 @@ SERVER_PID="" DEFAULT_DB="" # wait_for_connection(, ) attempts to connect to the sql-server at the specified -# port on localhost, using the $SQL_USER (or 'dolt' if unspecified) as the user name, and trying once +# port on localhost, using $SQL_USER (or 'root' if unspecified) as the user name, and trying once # per second until the millisecond timeout is reached. If a connection is successfully established, # this function returns 0. If a connection was not able to be established within the timeout period, # this function returns 1. @@ -17,7 +17,7 @@ wait_for_connection() { echo "Running in AWS Lambda; increasing timeout to: $timeout" fi - user=${SQL_USER:-dolt} + user=${SQL_USER:-root} end_time=$((SECONDS+($timeout/1000))) while [ $SECONDS -lt $end_time ]; do @@ -40,15 +40,15 @@ start_sql_server() { if [[ $logFile ]] then if [ "$IS_WINDOWS" == true ]; then - dolt sql-server --host 0.0.0.0 --port=$PORT --user "${SQL_USER:-dolt}" > $logFile 2>&1 & + dolt sql-server --host 0.0.0.0 --port=$PORT > $logFile 2>&1 & else - dolt sql-server --host 0.0.0.0 --port=$PORT --user "${SQL_USER:-dolt}" --socket "dolt.$PORT.sock" > $logFile 2>&1 & + dolt sql-server --host 0.0.0.0 --port=$PORT --socket "dolt.$PORT.sock" > $logFile 2>&1 & fi else if [ "$IS_WINDOWS" == true ]; then - dolt sql-server --host 0.0.0.0 --port=$PORT --user "${SQL_USER:-dolt}" & + dolt sql-server --host 0.0.0.0 --port=$PORT & else - dolt sql-server --host 0.0.0.0 --port=$PORT --user "${SQL_USER:-dolt}" --socket "dolt.$PORT.sock" & + dolt sql-server --host 0.0.0.0 --port=$PORT --socket "dolt.$PORT.sock" & fi fi echo db:$DEFAULT_DB logFile:$logFile PORT:$PORT CWD:$PWD @@ -83,9 +83,6 @@ start_sql_server_with_config() { echo " log_level: debug -user: - name: dolt - listener: host: 0.0.0.0 port: $PORT @@ -134,9 +131,9 @@ start_multi_db_server() { DEFAULT_DB="$1" PORT=$( definePORT ) if [ "$IS_WINDOWS" == true ]; then - dolt sql-server --host 0.0.0.0 --port=$PORT --user dolt --data-dir ./ & + dolt sql-server --host 0.0.0.0 --port=$PORT --data-dir ./ & else - dolt sql-server --host 0.0.0.0 --port=$PORT --user dolt --data-dir ./ --socket "dolt.$PORT.sock" & + dolt sql-server --host 0.0.0.0 --port=$PORT --data-dir ./ --socket "dolt.$PORT.sock" & fi SERVER_PID=$! wait_for_connection $PORT 8500 diff --git a/integration-tests/bats/profile.bats b/integration-tests/bats/profile.bats index 53d7d6716f7..38e904303a0 100755 --- a/integration-tests/bats/profile.bats +++ b/integration-tests/bats/profile.bats @@ -88,7 +88,7 @@ teardown() { cd - start_sql_server altDb - dolt --user dolt --password "" sql -q "CREATE USER 'steph' IDENTIFIED BY 'pass'; GRANT ALL PRIVILEGES ON altDB.* TO 'steph' WITH GRANT OPTION;"; + dolt sql -q "CREATE USER 'steph' IDENTIFIED BY 'pass'; GRANT ALL PRIVILEGES ON altDB.* TO 'steph' WITH GRANT OPTION;"; dolt profile add --user "not-steph" --password "pass" --use-db altDB userWithDBProfile run dolt --profile userWithDBProfile --user steph sql -q "select * from test" @@ -105,7 +105,7 @@ teardown() { cd - start_sql_server altDb - dolt --user dolt --password "" sql -q "CREATE USER 'steph' IDENTIFIED BY 'pass'; GRANT ALL PRIVILEGES ON altDB.* TO 'steph' WITH GRANT OPTION;"; + dolt sql -q "CREATE USER 'steph' IDENTIFIED BY 'pass'; GRANT ALL PRIVILEGES ON altDB.* TO 'steph' WITH GRANT OPTION;"; dolt profile add --user "not-steph" --password "pass" userProfile run dolt --profile userProfile --user steph --use-db altDB sql -q "select * from test" diff --git a/integration-tests/bats/remotes-sql-server.bats b/integration-tests/bats/remotes-sql-server.bats index 6ba4e285494..a0d42386a65 100644 --- a/integration-tests/bats/remotes-sql-server.bats +++ b/integration-tests/bats/remotes-sql-server.bats @@ -434,7 +434,7 @@ teardown() { [[ "$output" =~ "Tables_in_repo2/feature" ]] || false [[ "$output" =~ "test" ]] || false - run dolt -u dolt branch + run dolt branch [[ "$output" =~ "feature" ]] || false } @@ -462,11 +462,11 @@ teardown() { dolt branch newbranch dolt push remote1 newbranch - run dolt --use-db repo2/feature --port $PORT --host 0.0.0.0 --no-tls -u dolt sql -q "select active_branch()" + run dolt --use-db repo2/feature --port $PORT --host 0.0.0.0 --no-tls sql -q "select active_branch()" [ $status -eq 0 ] [[ "$output" =~ "feature" ]] || false - run dolt --use-db repo2/newbranch --port $PORT --host 0.0.0.0 --no-tls -u dolt sql -q "select active_branch()" + run dolt --use-db repo2/newbranch --port $PORT --host 0.0.0.0 --no-tls sql -q "select active_branch()" [ $status -eq 0 ] [[ "$output" =~ "newbranch" ]] || false diff --git a/integration-tests/bats/replication-multidb.bats b/integration-tests/bats/replication-multidb.bats index d378eba2c35..186ded7ba48 100644 --- a/integration-tests/bats/replication-multidb.bats +++ b/integration-tests/bats/replication-multidb.bats @@ -294,15 +294,15 @@ SQL start_multi_db_server repo1 cd .. - dolt --use-db repo1 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "create table t1 (a int primary key)" - dolt --use-db repo1 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_add('.')" - dolt --use-db repo1 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_commit('-am', 'cm')" - dolt --use-db repo2 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "create table t2 (a int primary key)" - dolt --use-db repo2 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_add('.')" - dolt --use-db repo2 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_commit('-am', 'cm')" - dolt --use-db repo3 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "create table t3 (a int primary key)" - dolt --use-db repo3 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_add('.')" - dolt --use-db repo3 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_commit('-am', 'cm')" + dolt --use-db repo1 --port $PORT --host 0.0.0.0 --no-tls sql -q "create table t1 (a int primary key)" + dolt --use-db repo1 --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_add('.')" + dolt --use-db repo1 --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_commit('-am', 'cm')" + dolt --use-db repo2 --port $PORT --host 0.0.0.0 --no-tls sql -q "create table t2 (a int primary key)" + dolt --use-db repo2 --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_add('.')" + dolt --use-db repo2 --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_commit('-am', 'cm')" + dolt --use-db repo3 --port $PORT --host 0.0.0.0 --no-tls sql -q "create table t3 (a int primary key)" + dolt --use-db repo3 --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_add('.')" + dolt --use-db repo3 --port $PORT --host 0.0.0.0 --no-tls sql -q "call dolt_commit('-am', 'cm')" clone_helper $TMPDIRS @@ -357,21 +357,21 @@ SQL dolt config --global --unset sqlserver.global.dolt_replicate_heads # Assert that no databases are synced to the read replica server yet - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "show databases" + run dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "show databases" [ $status -eq 0 ] [[ "$output" =~ "information_schema" ]] || false [[ ! "$output" =~ "repo1" ]] || false [[ ! "$output" =~ "repo2" ]] || false # Sync repo1 to the read replica server by use'ing it - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "use repo1; show databases;" + run dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "use repo1; show databases;" [ $status -eq 0 ] [[ "$output" =~ "information_schema" ]] || false [[ "$output" =~ "repo1" ]] || false [[ ! "$output" =~ "repo2" ]] || false # Sync repo1 by using it - run dolt --use-db repo1 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "select * from t1;" + run dolt --use-db repo1 --port $PORT --host 0.0.0.0 --no-tls sql -q "select * from t1;" [ $status -eq 0 ] [[ "$output" =~ "42" ]] || false @@ -382,7 +382,7 @@ SQL dolt push remote1 main:main # Verify that the changes from repo1 have been pulled - run dolt --use-db repo1 -u dolt --port $PORT --host 0.0.0.0 --no-tls sql -q "select * from t1;" + run dolt --use-db repo1 --port $PORT --host 0.0.0.0 --no-tls sql -q "select * from t1;" [ $status -eq 0 ] [[ "$output" =~ "42" ]] || false [[ "$output" =~ "43" ]] || false diff --git a/integration-tests/bats/sql-local-remote.bats b/integration-tests/bats/sql-local-remote.bats index 2c9d3ec6348..1fbb26bb9d1 100644 --- a/integration-tests/bats/sql-local-remote.bats +++ b/integration-tests/bats/sql-local-remote.bats @@ -106,7 +106,7 @@ get_commit_hash_at() { @test "sql-local-remote: test switch between server/no server" { start_sql_server defaultDB - run dolt --verbose-engine-setup --user dolt --password "" sql -q "show databases" + run dolt --verbose-engine-setup "" sql -q "show databases" [ "$status" -eq 0 ] || false [[ "$output" =~ "starting remote mode" ]] || false [[ "$output" =~ "defaultDB" ]] || false @@ -128,17 +128,17 @@ get_commit_hash_at() { mkdir someplace_else cd someplace_else - run dolt --verbose-engine-setup --data-dir="$ROOT_DIR" --user dolt --password "" --use-db altDB sql -q "show tables" + run dolt --verbose-engine-setup --data-dir="$ROOT_DIR" --use-db altDB sql -q "show tables" [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false [[ "$output" =~ "altDB_tbl" ]] || false - run dolt --verbose-engine-setup --data-dir="$ROOT_DIR" --user dolt --password "" --use-db defaultDB sql -q "show tables" + run dolt --verbose-engine-setup --data-dir="$ROOT_DIR" --use-db defaultDB sql -q "show tables" [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false [[ "$output" =~ "defaultDB_tbl" ]] || false - run dolt --verbose-engine-setup --data-dir="$ROOT_DIR" --user dolt --password "" sql -q "show tables" + run dolt --verbose-engine-setup --data-dir="$ROOT_DIR" sql -q "show tables" [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false [[ "$output" =~ "altDB_tbl" ]] || false @@ -169,23 +169,23 @@ get_commit_hash_at() { mkdir -p someplace_new/fun cd someplace_new/fun - run dolt --verbose-engine-setup --data-dir="$ROOT_DIR/altDB" --user dolt --password "" sql -q "show tables" + run dolt --verbose-engine-setup --data-dir="$ROOT_DIR/altDB" sql -q "show tables" [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false [[ "$output" =~ "altDB_tbl" ]] || false - run dolt --verbose-engine-setup --data-dir="$ROOT_DIR/altDB" --user dolt --password "" --use-db defaultDB sql -q "show tables" + run dolt --verbose-engine-setup --data-dir="$ROOT_DIR/altDB" --use-db defaultDB sql -q "show tables" [ "$status" -eq 1 ] [[ "$output" =~ "defaultDB does not exist" ]] || false stop_sql_server 1 - run dolt --verbose-engine-setup --data-dir="$ROOT_DIR/altDB" --user dolt --password "" sql -q "show tables" + run dolt --verbose-engine-setup --data-dir="$ROOT_DIR/altDB" sql -q "show tables" [ "$status" -eq 0 ] [[ "$output" =~ "starting local mode" ]] || false [[ "$output" =~ "altDB_tbl" ]] || false - run dolt --verbose-engine-setup --data-dir="$ROOT_DIR/altDB" --user dolt --password "" --use-db defaultDB sql -q "show tables" + run dolt --verbose-engine-setup --data-dir="$ROOT_DIR/altDB" --use-db defaultDB sql -q "show tables" [ "$status" -eq 1 ] [[ "$output" =~ "defaultDB does not exist" ]] || false } @@ -202,7 +202,7 @@ get_commit_hash_at() { cd .. start_sql_server altDB - run dolt --user dolt --password "" blame test + run dolt blame test [ "$status" -eq 0 ] export out="$output" stop_sql_server 1 @@ -216,11 +216,11 @@ get_commit_hash_at() { start_sql_server altDB cd altDB - run dolt --verbose-engine-setup --user dolt --password "" sql -q "create table testtable (pk int PRIMARY KEY)" + run dolt --verbose-engine-setup sql -q "create table testtable (pk int PRIMARY KEY)" [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false - run dolt --verbose-engine-setup --user dolt --password "" add . + run dolt --verbose-engine-setup add . [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false @@ -236,11 +236,11 @@ get_commit_hash_at() { start_sql_server altDB cd altDB - run dolt --verbose-engine-setup --user dolt --password "" checkout -b other + run dolt --verbose-engine-setup checkout -b other [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false - run dolt --verbose-engine-setup --user dolt --password "" branch + run dolt --verbose-engine-setup branch [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false [[ "$output" =~ "main" ]] || false @@ -256,7 +256,7 @@ get_commit_hash_at() { start_sql_server altDB - run dolt --verbose-engine-setup --user dolt --password "" checkout main + run dolt --verbose-engine-setup checkout main [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false @@ -270,7 +270,7 @@ get_commit_hash_at() { @test "sql-local-remote: test 'status' and switch between server/no server" { start_sql_server defaultDB - run dolt --user dolt --password "" status + run dolt status [ "$status" -eq 0 ] || false [[ "$output" =~ "On branch main" ]] || false [[ "$output" =~ "Changes to be committed:" ]] || false @@ -286,7 +286,7 @@ get_commit_hash_at() { ! [[ "$output" =~ " new table: generated_foo" ]] || false remoteOutput=$output - run dolt --user dolt --password "" status --ignored + run dolt status --ignored [ "$status" -eq 0 ] || false [[ "$output" =~ "On branch main" ]] || false [[ "$output" =~ "Changes to be committed:" ]] || false @@ -364,11 +364,11 @@ get_commit_hash_at() { start_sql_server altDB cd altDB - run dolt --verbose-engine-setup --user dolt --password "" branch b1 + run dolt --verbose-engine-setup branch b1 [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false - run dolt --verbose-engine-setup --user dolt --password "" branch + run dolt --verbose-engine-setup branch [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false [[ "$output" =~ "main" ]] || false @@ -552,7 +552,7 @@ SQL @test "sql-local-remote: check that the --password argument is used when talking to a server and ignored with local" { start_sql_server altDb - dolt --user dolt --password "" sql -q "CREATE USER 'joe'@'%' IDENTIFIED BY 'joe123'; GRANT ALL PRIVILEGES ON defaultDb.* TO 'joe'@'%' WITH GRANT OPTION;"; + dolt sql -q "CREATE USER 'joe'@'%' IDENTIFIED BY 'joe123'; GRANT ALL PRIVILEGES ON defaultDb.* TO 'joe'@'%' WITH GRANT OPTION;"; run dolt --verbose-engine-setup --user joe --password "badpwd" sql -q "show tables" [ "$status" -eq 1 ] @@ -568,7 +568,7 @@ SQL [[ "$output" =~ "defaultDB_tbl" ]] || false # Empty Password should work since we started the server with the 'dolt' user with no pwd. - run dolt --verbose-engine-setup --user dolt --password "" sql -q "show tables" + run dolt --verbose-engine-setup sql -q "show tables" [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false [[ "$output" =~ "altDB_tbl" ]] || false @@ -598,18 +598,12 @@ SQL run dolt --verbose-engine-setup --user joe --password "joe123" sql -q "SELECT user, host FROM mysql.user" [ "$status" -eq 1 ] [[ "$output" =~ "Access denied for user 'joe'" ]] || false - - # Similar test to above, but will get different results because the dolt user doesn't exist (it was - # used to start sql-server - run dolt --user dolt --password "" sql -q "show tables" - [ "$status" -eq 1 ] - [[ "$output" =~ "Access denied for user 'dolt'" ]] || false } @test "sql-local-remote: check that the DOLT_CLI_PASSWORD argument is used when talking to a server and ignored with local" { start_sql_server altDb - dolt --user dolt --password "" sql -q "CREATE USER 'joe'@'%' IDENTIFIED BY 'joe123'; GRANT ALL PRIVILEGES ON defaultDb.* TO 'joe'@'%' WITH GRANT OPTION;"; + dolt sql -q "CREATE USER 'joe'@'%' IDENTIFIED BY 'joe123'; GRANT ALL PRIVILEGES ON defaultDb.* TO 'joe'@'%' WITH GRANT OPTION;"; export DOLT_CLI_PASSWORD="badpwd" run dolt --verbose-engine-setup --user joe sql -q "show tables" @@ -628,7 +622,7 @@ SQL [[ "$output" =~ "defaultDB_tbl" ]] || false export DOLT_CLI_PASSWORD="" - run dolt --verbose-engine-setup --user dolt sql -q "show tables" + run dolt --verbose-engine-setup --user root sql -q "show tables" [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false [[ "$output" =~ "altDB_tbl" ]] || false @@ -667,11 +661,6 @@ SQL [ "$status" -eq 1 ] [[ "$output" =~ "Access denied for user 'rambo'" ]] || false - export DOLT_CLI_PASSWORD="" - run dolt --user dolt sql -q "show tables" - [ "$status" -eq 1 ] - [[ "$output" =~ "Access denied for user 'dolt'" ]] || false - unset DOLT_CLI_PASSWORD } diff --git a/integration-tests/bats/sql-privs.bats b/integration-tests/bats/sql-privs.bats index b8ecbebec55..0468476055c 100644 --- a/integration-tests/bats/sql-privs.bats +++ b/integration-tests/bats/sql-privs.bats @@ -164,18 +164,22 @@ teardown() { [[ $output =~ "| user1 | localhost |" ]] || false } -# Asserts that the root@localhost superuser does not get created when a temporary superuser is -# specified the first time a sql-server is started and privileges.db is initialized. -@test "sql-privs: implicit root superuser doesn't get created when specifying a temporary superuser" { +# TODO: This might be better as a sql-server.bats test + +# When the deprecated --user argument is specified to sql-server, we expect a helpful error message +# to be displayed and for the sql-server command to fail. +@test "sql-privs: using the deprecated --user argument fails with a helpful error message" { PORT=$( definePORT ) - dolt sql-server --port $PORT -u temp1 & - SERVER_PID=$! - sleep 1 + run dolt sql-server --port $PORT -u temp1 + [ $status -ne 0 ] + [[ $output =~ "--user and --password have been removed from the sql-server command." ]] || false + [[ $output =~ "Create users explicitly with CREATE USER and GRANT statements instead." ]] || false # Assert that there is no root user - run dolt -u temp1 sql -q "select user, host from mysql.user where user='root';" + run dolt sql -q "select user, host from mysql.user where user='root';" [ $status -eq 0 ] - ! [[ $output =~ "root" ]] || false + [[ $output =~ "root" ]] || false + ! [[ $output =~ "temp1" ]] || false } # Asserts that the root@localhost superuser is not created when the --skip-default-root-user flag @@ -190,14 +194,8 @@ teardown() { run dolt -u root sql -q "select user, host from mysql.user where user='root';" [ $status -ne 0 ] - # Restart the SQL server with a temporary superuser - stop_sql_server 1 && sleep 0.5 - dolt sql-server --port $PORT --u user1 & - SERVER_PID=$! - sleep 1 - # Assert that there is no root user - run dolt -u user1 sql -q "select user, host from mysql.user where user='root';" + run dolt sql -q "select user, host from mysql.user where user='root';" [ $status -eq 0 ] ! [[ $output =~ "root" ]] || false } @@ -210,12 +208,12 @@ teardown() { run dolt sql -q "select user from mysql.user order by user" [ $status -eq 0 ] - [[ $output =~ "dolt" ]] || false + [[ $output =~ "root" ]] || false dolt sql -q "create user new_user" run dolt sql -q "select user from mysql.user order by user" [ $status -eq 0 ] - [[ $output =~ "dolt" ]] || false + [[ $output =~ "root" ]] || false [[ $output =~ "new_user" ]] || false run ls -a @@ -225,59 +223,6 @@ teardown() { [[ "$output" =~ "privileges.db" ]] || false } -@test "sql-privs: yaml with no user is replaced with command line user" { - make_test_repo - touch server.yaml - PORT=$( definePORT ) - - echo "log_level: debug - -listener: - host: 0.0.0.0 - port: $PORT - max_connections: 10 - -behavior: - autocommit: false -" > server.yaml - - dolt sql-server --port=$PORT --config server.yaml --user cmddolt & - SERVER_PID=$! - sleep 5 - - - run dolt -u cmddolt sql -q "select user from mysql.user" - [ $status -eq 0 ] - [[ $output =~ "cmddolt" ]] || false -} - -@test "sql-privs: yaml with user is also replaced with command line user" { - make_test_repo - touch server.yaml - PORT=$( definePORT ) - - echo "log_level: debug -user: - name: yamldolt - -listener: - host: 0.0.0.0 - port: $PORT - max_connections: 10 - -behavior: - autocommit: false -" > server.yaml - - dolt sql-server --port=$PORT --config server.yaml --user cmddolt & - SERVER_PID=$! - sleep 5 - - run dolt -u cmddolt sql -q "select user from mysql.user" - [ $status -eq 0 ] - [[ $output =~ "cmddolt" ]] || false -} - @test "sql-privs: yaml specifies doltcfg dir" { make_test_repo touch server.yaml @@ -335,10 +280,12 @@ behavior: run cat privs.json [[ "$output" =~ "\"User\":\"privs_user\"" ]] || false - start_sql_server_with_args --host 0.0.0.0 --user=dolt --privilege-file=privs.json + SQL_USER=dolt + start_sql_server_with_args --host 0.0.0.0 --privilege-file=privs.json run dolt sql -q "select user from mysql.user" [ $status -eq 0 ] + ! [[ $output =~ root ]] || false [[ $output =~ dolt ]] || false [[ $output =~ privs_user ]] || false @@ -346,6 +293,7 @@ behavior: run dolt sql -q "select user from mysql.user" [ $status -eq 0 ] + ! [[ $output =~ root ]] || false [[ $output =~ dolt ]] || false [[ $output =~ new_user ]] || false [[ $output =~ privs_user ]] || false @@ -356,10 +304,11 @@ behavior: # Restart server stop_sql_server - start_sql_server_with_args --host 0.0.0.0 --user=dolt --privilege-file=privs.json + start_sql_server_with_args --host 0.0.0.0 --privilege-file=privs.json run dolt sql -q "select user from mysql.user" [ $status -eq 0 ] + ! [[ $output =~ root ]] || false [[ $output =~ dolt ]] || false [[ $output =~ new_user ]] || false [[ $output =~ privs_user ]] || false @@ -371,7 +320,7 @@ behavior: touch privs.db echo "garbage" > privs.db - run start_sql_server_with_args --host 0.0.0.0 --user=dolt --privilege-file=privs.db + run start_sql_server_with_args --host 0.0.0.0 --privilege-file=privs.db [ "$status" -eq 1 ] [[ "$output" =~ "ill formatted privileges file" ]] || false } @@ -402,15 +351,6 @@ behavior: [[ "$output" =~ "privileges.db" ]] || false } -@test "sql-privs: host option doesn't affect user" { - make_test_repo - - start_sql_server_with_args --host 127.0.0.1 --user=dolt - run dolt sql --result-format csv -q "select user, host from mysql.user order by user" - [ $status -eq 0 ] - [[ "$output" =~ "dolt,%" ]] || false -} - @test "sql-privs: multiple doltcfg directories causes error" { # setup repo rm -rf test_db @@ -433,7 +373,7 @@ behavior: @test "sql-privs: sql-server specify data-dir" { make_multi_test_repo - start_sql_server_with_args --host 0.0.0.0 --user=dolt --data-dir=db_dir + start_sql_server_with_args --host 0.0.0.0 --data-dir=db_dir run ls -a ! [[ "$output" =~ ".doltcfg" ]] || false @@ -443,7 +383,7 @@ behavior: [[ "$output" =~ ".doltcfg" ]] || false ! [[ "$output" =~ "privileges.db" ]] || false - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "show databases" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "show databases" [ $status -eq 0 ] [[ $output =~ db1 ]] || false [[ $output =~ db2 ]] || false @@ -451,15 +391,15 @@ behavior: [[ $output =~ information_schema ]] || false [[ $output =~ mysql ]] || false - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" [ $status -eq 0 ] [[ $output =~ dolt ]] || false - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "create user new_user" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "create user new_user" - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false [[ $output =~ new_user ]] || false run ls -a @@ -477,7 +417,7 @@ behavior: @test "sql-privs: specify doltcfg directory" { make_test_repo - start_sql_server_with_args --host 0.0.0.0 --user=dolt --doltcfg-dir=doltcfgdir + start_sql_server_with_args --host 0.0.0.0 --doltcfg-dir=doltcfgdir run ls -a ! [[ "$output" =~ ".doltcfg" ]] || false @@ -485,13 +425,13 @@ behavior: run dolt sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false dolt sql -q "create user new_user" run dolt sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false [[ $output =~ new_user ]] || false run ls -a @@ -505,7 +445,7 @@ behavior: @test "sql-privs: specify privilege file" { make_test_repo - start_sql_server_with_args --host 0.0.0.0 --user=dolt --privilege-file=privs.db + start_sql_server_with_args --host 0.0.0.0 --privilege-file=privs.db run ls -a [[ "$output" =~ ".doltcfg" ]] || false @@ -517,15 +457,14 @@ behavior: run dolt sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false dolt sql -q "create user new_user" run dolt sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false [[ $output =~ new_user ]] || false - ! [[ $output =~ root ]] || false run ls -a [[ "$output" =~ ".doltcfg" ]] || false @@ -535,7 +474,7 @@ behavior: @test "sql-privs: specify data-dir and doltcfg-dir" { make_multi_test_repo - start_sql_server_with_args --host 0.0.0.0 --user=dolt --data-dir=db_dir --doltcfg-dir=doltcfgdir + start_sql_server_with_args --host 0.0.0.0 --data-dir=db_dir --doltcfg-dir=doltcfgdir run ls -a ! [[ "$output" =~ ".doltcfg" ]] || false @@ -546,7 +485,7 @@ behavior: ! [[ "$output" =~ ".doltcfg" ]] || false ! [[ "$output" =~ "privileges.db" ]] || false - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "show databases" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "show databases" [ $status -eq 0 ] [[ $output =~ db1 ]] || false [[ $output =~ db2 ]] || false @@ -554,15 +493,15 @@ behavior: [[ $output =~ information_schema ]] || false [[ $output =~ mysql ]] || false - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "create user new_user" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "create user new_user" - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false [[ $output =~ new_user ]] || false run ls -a @@ -581,7 +520,7 @@ behavior: @test "sql-privs: specify data-dir and privilege-file" { make_multi_test_repo - start_sql_server_with_args --host 0.0.0.0 --user=dolt --data-dir=db_dir --privilege-file=privs.db + start_sql_server_with_args --host 0.0.0.0 --data-dir=db_dir --privilege-file=privs.db run ls -a ! [[ "$output" =~ ".doltcfg" ]] || false @@ -591,7 +530,7 @@ behavior: [[ "$output" =~ ".doltcfg" ]] || false ! [[ "$output" =~ "privs.db" ]] || false - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "show databases" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "show databases" [ $status -eq 0 ] [[ $output =~ db1 ]] || false [[ $output =~ db2 ]] || false @@ -599,15 +538,15 @@ behavior: [[ $output =~ information_schema ]] || false [[ $output =~ mysql ]] || false - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "create user new_user" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "create user new_user" - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false [[ $output =~ new_user ]] || false run ls -a @@ -625,7 +564,7 @@ behavior: @test "sql-privs: specify doltcfg-dir and privilege-file" { make_test_repo - start_sql_server_with_args --host 0.0.0.0 --user=dolt --doltcfg-dir=doltcfgdir --privilege-file=privs.db + start_sql_server_with_args --host 0.0.0.0 --doltcfg-dir=doltcfgdir --privilege-file=privs.db run ls -a ! [[ "$output" =~ ".doltcfg" ]] || false @@ -635,7 +574,7 @@ behavior: run dolt sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false dolt sql -q "create user new_user" @@ -657,7 +596,7 @@ behavior: @test "sql-privs: specify data-dir, doltcfg-dir, and privileges-file" { make_multi_test_repo - start_sql_server_with_args --host 0.0.0.0 --user=dolt --data-dir=db_dir --doltcfg-dir=doltcfgdir --privilege-file=privs.db + start_sql_server_with_args --host 0.0.0.0 --data-dir=db_dir --doltcfg-dir=doltcfgdir --privilege-file=privs.db run ls -a ! [[ "$output" =~ ".doltcfg" ]] || false @@ -665,7 +604,7 @@ behavior: ! [[ "$output" =~ "privileges.db" ]] || false [[ "$output" =~ "privs.db" ]] || false - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "show databases" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "show databases" [ $status -eq 0 ] [[ $output =~ db1 ]] || false [[ $output =~ db2 ]] || false @@ -673,15 +612,15 @@ behavior: [[ $output =~ information_schema ]] || false [[ $output =~ mysql ]] || false - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "create user new_user" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "create user new_user" - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db db1 sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false [[ $output =~ new_user ]] || false run ls -a @@ -704,7 +643,7 @@ behavior: make_multi_test_repo dolt init - start_sql_server_with_args --host 0.0.0.0 --user=dolt + start_sql_server_with_args --host 0.0.0.0 dolt sql -q "create user new_user" stop_sql_server @@ -715,16 +654,15 @@ behavior: [[ "$output" =~ "privileges.db" ]] || false cd db_dir - start_sql_server_with_args --host 0.0.0.0 --user=dolt + start_sql_server_with_args --host 0.0.0.0 run dolt sql -q "select user from mysql.user" [ $status -eq 0 ] - [[ $output =~ dolt ]] || false + [[ $output =~ root ]] || false [[ $output =~ new_user ]] || false } @test "sql-privs: basic lack of privileges tests" { make_test_repo - SQL_USER='dolt' start_sql_server dolt sql -q "create table t1(c1 int)" @@ -768,14 +706,16 @@ behavior: dolt sql -q "grant insert on *.* to test@'127.0.0.1'" # check information_schema.USER_PRIVILEGES table - run dolt -u test sql -q "select * from information_schema.USER_PRIVILEGES;" - [[ "$output" =~ "| 'test'@'127.0.0.1' | def | INSERT | NO |" ]] || false + run dolt sql -r csv -q "select * from information_schema.USER_PRIVILEGES;" + [[ "$output" =~ "'test'@'127.0.0.1',def,INSERT,NO" ]] || false dolt sql -q "drop user test@'127.0.0.1'" dolt sql -q "create user test@'10.10.10.10'" dolt sql -q "grant select on test_db.* to test@'10.10.10.10'" + # Assert that using the test account results in an authentication error, since only test@10.10.10.10 exists now run dolt -u test sql -q "show tables" [ $status -ne 0 ] + [[ "$output" =~ "No authentication methods available for authentication" ]] || false } @test "sql-privs: creating user identified by password" { @@ -807,17 +747,16 @@ behavior: @test "sql-privs: deleting user prevents access by that user" { make_test_repo - SQL_USER='dolt' start_sql_server - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db test_db sql -q "create table t1(c1 int)" - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db '' sql -q "create user test" - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db '' sql -q "grant select on test_db.* to test" - run dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db test_db sql -q "show tables" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db test_db sql -q "create table t1(c1 int)" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db '' sql -q "create user test" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db '' sql -q "grant select on test_db.* to test" + run dolt --port $PORT --host 0.0.0.0 --no-tls --use-db test_db sql -q "show tables" [ $status -eq 0 ] [[ $output =~ t1 ]] || false - dolt -u dolt --port $PORT --host 0.0.0.0 --no-tls --use-db '' sql -q "drop user test" + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db '' sql -q "drop user test" run dolt -u test --port $PORT --host 0.0.0.0 --no-tls --use-db test_db sql -q "show tables" [ $status -ne 0 ] diff --git a/integration-tests/bats/sql-server-config-file-generation.bats b/integration-tests/bats/sql-server-config-file-generation.bats index 151c92787ef..924a16541ed 100644 --- a/integration-tests/bats/sql-server-config-file-generation.bats +++ b/integration-tests/bats/sql-server-config-file-generation.bats @@ -28,7 +28,7 @@ teardown() { mkdir -p "$data_dir" fi - start_sql_server_with_args --data-dir "$data_dir" --host 0.0.0.0 --user dolt + start_sql_server_with_args --data-dir "$data_dir" --host 0.0.0.0 [[ -f "$data_dir/$CONFIG_FILE_NAME" ]] || false @@ -45,7 +45,7 @@ teardown() { echo "Don't overwrite me!" >"$data_dir/$CONFIG_FILE_NAME" - start_sql_server_with_args --data-dir "$data_dir" --host 0.0.0.0 --user dolt + start_sql_server_with_args --data-dir "$data_dir" --host 0.0.0.0 run cat "$data_dir/$CONFIG_FILE_NAME" [ $status -eq 0 ] @@ -98,8 +98,7 @@ EOF --max-connections 77 \ --timeout 7777777 \ --allow-cleartext-passwords true \ - --host 0.0.0.0 \ - --user dolt + --host 0.0.0.0 run cat "$CONFIG_FILE_NAME" [ $status -eq 0 ] @@ -115,8 +114,7 @@ EOF start_sql_server_with_args \ --max-connections 77 \ --timeout 7777777 \ - --host 0.0.0.0 \ - --user dolt + --host 0.0.0.0 run cat "$CONFIG_FILE_NAME" [ $status -eq 0 ] diff --git a/integration-tests/bats/sql-server-mysql.expect b/integration-tests/bats/sql-server-mysql.expect index 9c1b72fb998..327b5cf4a68 100644 --- a/integration-tests/bats/sql-server-mysql.expect +++ b/integration-tests/bats/sql-server-mysql.expect @@ -4,7 +4,7 @@ set timeout 10 set port [lindex $argv 0]; set database [lindex $argv 1]; -spawn mysql --host 0.0.0.0 --port $port --user dolt +spawn mysql --host 0.0.0.0 --port $port --user root expect { "mysql> " { send "show databases;\r"; } diff --git a/integration-tests/bats/sql-server-remotesrv.bats b/integration-tests/bats/sql-server-remotesrv.bats index bef7a7be92f..b5a826dd604 100644 --- a/integration-tests/bats/sql-server-remotesrv.bats +++ b/integration-tests/bats/sql-server-remotesrv.bats @@ -153,8 +153,9 @@ select count(*) from vals; dolt commit -m 'initial vals.' export DOLT_REMOTE_USER="user0" export DOLT_REMOTE_PASSWORD="pass0" + dolt sql -q "CREATE USER user0@'%' identified by 'pass0'; GRANT ALL ON *.* to user0@'%';" - dolt sql-server --port 3307 -u $DOLT_REMOTE_USER -p $DOLT_REMOTE_PASSWORD --remotesapi-port 50051 & + dolt sql-server --port 3307 --remotesapi-port 50051 & srv_pid=$! cd ../../ @@ -182,7 +183,7 @@ call dolt_commit('-am', 'add some vals'); [[ "$status" != 0 ]] || false [[ "$output" =~ "Access denied for user 'root'" ]] || false - # # With auth fetch + # With auth fetch run dolt fetch --user $DOLT_REMOTE_USER [[ "$status" -eq 0 ]] || false @@ -223,8 +224,9 @@ call dolt_commit('-am', 'add one val'); dolt commit -m 'initial vals.' export DOLT_REMOTE_USER="user0" export DOLT_REMOTE_PASSWORD="pass0" + dolt sql -q "CREATE USER user0@'%' identified by 'pass0'; GRANT ALL ON *.* to user0@'%';" - dolt sql-server --port 3307 -u $DOLT_REMOTE_USER -p $DOLT_REMOTE_PASSWORD --remotesapi-port 50051 & + dolt sql-server --port 3307 --remotesapi-port 50051 & srv_pid=$! cd ../../ @@ -248,8 +250,9 @@ call dolt_commit('-am', 'add one val'); dolt sql -q 'insert into vals (i) values (1), (2), (3), (4), (5);' dolt add vals dolt commit -m 'initial vals.' + dolt sql -q "CREATE USER user0@'%' identified by 'pass0'; GRANT ALL ON *.* to user0@'%';" - dolt sql-server --port 3307 -u user0 -p pass0 --remotesapi-port 50051 & + dolt sql-server --port 3307 --remotesapi-port 50051 & srv_pid=$! sleep 2 run dolt sql -q " @@ -325,8 +328,9 @@ call dolt_commit('-am', 'add one val');" dolt commit -m 'initial vals.' export DOLT_REMOTE_USER="user0" export DOLT_REMOTE_PASSWORD="pass0" + dolt sql -q "CREATE USER user0@'%' identified by 'pass0'; GRANT ALL ON *.* to user0@'%';" - dolt sql-server -u $DOLT_REMOTE_USER -p $DOLT_REMOTE_PASSWORD --remotesapi-port 50051 & + dolt sql-server --remotesapi-port 50051 & srv_pid=$! cd ../../ @@ -347,7 +351,7 @@ call dolt_commit('-am', 'add one val');" export DOLT_REMOTE_USER="user0" export PASSWORD="pass0" - dolt sql-server -u $DOLT_REMOTE_USER -p $PASSWORD --remotesapi-port 50051 & + dolt sql-server --remotesapi-port 50051 & srv_pid=$! cd ../../ @@ -377,9 +381,10 @@ call dolt_commit('-am', 'add one val');" dolt commit -m 'initial names.' APIPORT=$( definePORT ) + dolt sql -q "CREATE USER root@'%' identified by 'rootpass'; GRANT ALL ON *.* to root@'%';" export DOLT_REMOTE_PASSWORD="rootpass" export SQL_USER="root" - start_sql_server_with_args -u "$SQL_USER" -p "$DOLT_REMOTE_PASSWORD" --remotesapi-port $APIPORT + start_sql_server_with_args --remotesapi-port $APIPORT cd ../ dolt clone http://localhost:$APIPORT/remote cloned_db -u root @@ -408,11 +413,11 @@ call dolt_commit('-am', 'add one val');" dolt commit -m 'initial names.' dolt sql -q 'insert into names (name) values ("zeek");' # dirty the workspace. This won't be cloned - APIPORT=$( definePORT ) + dolt sql -q "CREATE USER root@'%' identified by 'rootpass'; GRANT ALL ON *.* to root@'%';" export DOLT_REMOTE_PASSWORD="rootpass" export SQL_USER="root" - start_sql_server_with_args -u "$SQL_USER" -p "$DOLT_REMOTE_PASSWORD" --remotesapi-port $APIPORT + start_sql_server_with_args --remotesapi-port $APIPORT cd ../ dolt clone http://localhost:$APIPORT/remote cloned_db -u root @@ -457,9 +462,10 @@ call dolt_commit('-am', 'add one val');" dolt commit -m 'initial names.' APIPORT=$( definePORT ) + dolt sql -q "CREATE USER root@'%' identified by 'rootpass'; GRANT ALL ON *.* to root@'%';" export DOLT_REMOTE_PASSWORD="rootpass" export SQL_USER="root" - start_sql_server_with_args -u "$SQL_USER" -p "$DOLT_REMOTE_PASSWORD" --remotesapi-port $APIPORT + start_sql_server_with_args --remotesapi-port $APIPORT cd ../ dolt clone http://localhost:$APIPORT/remote cloned_db -u root @@ -508,9 +514,10 @@ call dolt_commit('-am', 'add one val');" dolt commit -m 'initial names.' APIPORT=$( definePORT ) + dolt sql -q "CREATE USER root@'%' identified by 'rootpass'; GRANT ALL ON *.* to root@'%';" export DOLT_REMOTE_PASSWORD="rootpass" export SQL_USER="root" - start_sql_server_with_args -u "$SQL_USER" -p "$DOLT_REMOTE_PASSWORD" --remotesapi-port $APIPORT + start_sql_server_with_args --remotesapi-port $APIPORT dolt sql -q " CREATE USER clone_admin_user@'localhost' IDENTIFIED BY 'pass1'; @@ -548,9 +555,10 @@ GRANT CLONE_ADMIN ON *.* TO clone_admin_user@'localhost'; dolt commit -m 'initial names.' APIPORT=$( definePORT ) + dolt sql -q "CREATE USER root@'%' identified by 'rootpass'; GRANT ALL ON *.* to root@'%';" export DOLT_REMOTE_PASSWORD="rootpass" export SQL_USER="root" - start_sql_server_with_args -u "$SQL_USER" -p "$DOLT_REMOTE_PASSWORD" --remotesapi-port $APIPORT --remotesapi-readonly + start_sql_server_with_args --remotesapi-port $APIPORT --remotesapi-readonly cd ../ dolt clone http://localhost:$APIPORT/remote cloned_db -u "$SQL_USER" @@ -575,9 +583,10 @@ GRANT CLONE_ADMIN ON *.* TO clone_admin_user@'localhost'; dolt branch new_branch HEAD APIPORT=$( definePORT ) + dolt sql -q "CREATE USER root@'%' identified by 'rootpass'; GRANT ALL ON *.* to root@'%';" export DOLT_REMOTE_PASSWORD="rootpass" export SQL_USER="root" - start_sql_server_with_args -u "$SQL_USER" -p "$DOLT_REMOTE_PASSWORD" --remotesapi-port $APIPORT + start_sql_server_with_args --remotesapi-port $APIPORT cd ../ dolt clone http://localhost:$APIPORT/remote cloned_db -u $SQL_USER @@ -605,9 +614,10 @@ GRANT CLONE_ADMIN ON *.* TO clone_admin_user@'localhost'; dolt --use-db=remote/new_branch sql -q 'insert into names (name) values ("zeek");' # dirty the workspace APIPORT=$(definePORT) + dolt sql -q "CREATE USER root@'%' identified by 'rootpass'; GRANT ALL ON *.* to root@'%';" export DOLT_REMOTE_PASSWORD="rootpass" export SQL_USER="root" - start_sql_server_with_args -u "$SQL_USER" -p "$DOLT_REMOTE_PASSWORD" --remotesapi-port $APIPORT + start_sql_server_with_args --remotesapi-port $APIPORT cd ../ dolt clone http://localhost:$APIPORT/remote cloned_db -u $SQL_USER @@ -637,9 +647,10 @@ GRANT CLONE_ADMIN ON *.* TO clone_admin_user@'localhost'; dolt commit -m 'initial names.' APIPORT=$(definePORT) + dolt sql -q "CREATE USER root@'%' identified by 'rootpass'; GRANT ALL ON *.* to root@'%';" export DOLT_REMOTE_PASSWORD="rootpass" export SQL_USER="root" - start_sql_server_with_args -u "$SQL_USER" -p "$DOLT_REMOTE_PASSWORD" --remotesapi-port $APIPORT + start_sql_server_with_args --remotesapi-port $APIPORT cd ../ dolt clone http://localhost:$APIPORT/remote cloned_db -u $SQL_USER @@ -666,9 +677,10 @@ GRANT CLONE_ADMIN ON *.* TO clone_admin_user@'localhost'; dolt commit -m 'initial names.' APIPORT=$( definePORT ) + dolt sql -q "CREATE USER root@'%' identified by 'rootpass'; GRANT ALL ON *.* to root@'%';" export DOLT_REMOTE_PASSWORD="rootpass" export SQL_USER="root" - start_sql_server_with_args -u "$SQL_USER" -p "$DOLT_REMOTE_PASSWORD" --remotesapi-port $APIPORT + start_sql_server_with_args --remotesapi-port $APIPORT cd ../ dolt clone http://localhost:$APIPORT/remote cloned_db -u $SQL_USER diff --git a/integration-tests/bats/sql-server.bats b/integration-tests/bats/sql-server.bats index 2f06c100ff5..ce38adc0240 100644 --- a/integration-tests/bats/sql-server.bats +++ b/integration-tests/bats/sql-server.bats @@ -126,7 +126,7 @@ EOF # assert that loglevel on command line is not case sensitive cd repo1 PORT=$( definePORT ) - dolt sql-server --loglevel TrAcE --port=$PORT --user dolt --socket "dolt.$PORT.sock" > log.txt 2>&1 & + dolt sql-server --loglevel TrAcE --port=$PORT --socket "dolt.$PORT.sock" > log.txt 2>&1 & SERVER_PID=$! wait_for_connection $PORT 8500 dolt sql -q "show databases;" @@ -137,8 +137,6 @@ EOF log_level: dEBuG behavior: disable_client_multi_statements: true -user: - name: dolt listener: host: "0.0.0.0" port: $PORT @@ -155,7 +153,7 @@ EOF dolt sql -q "create user dolt@'%' identified by '123'" PORT=$( definePORT ) - dolt sql-server --port=$PORT --user dolt --socket "dolt.$PORT.sock" > log.txt 2>&1 & + dolt sql-server --port=$PORT --socket "dolt.$PORT.sock" > log.txt 2>&1 & SERVER_PID=$! sleep 5 @@ -204,6 +202,8 @@ user_session_vars: dolt --privilege-file=privs.json sql -q "CREATE USER user2@'127.0.0.1' IDENTIFIED BY 'pass2'" dolt --privilege-file=privs.json sql -q "CREATE USER user3@'127.0.0.1' IDENTIFIED BY 'pass3'" + # Set SQL_USER so that the db connection tester uses a valid user + SQL_USER=dolt start_sql_server_with_config "" server.yaml run dolt --host=127.0.0.1 --port=$PORT --no-tls --user=user0 --password=pass0 sql -q "SELECT @@aws_credentials_file, @@aws_credentials_profile;" @@ -234,7 +234,7 @@ user_session_vars: dolt push origin main # Start up the server in read-only mode - start_sql_server_with_args "--readonly" "--user dolt" + start_sql_server_with_args "--readonly" # Assert that we can still checkout other branches and run dolt status # while the sql-server is running in read-only mode @@ -265,7 +265,7 @@ user_session_vars: [[ "$output" =~ "one_pk" ]] || false # Add rows on the command line - run dolt --verbose-engine-setup --user=dolt sql -q "insert into one_pk values (1,1,1)" + run dolt --verbose-engine-setup sql -q "insert into one_pk values (1,1,1)" [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false run dolt sql -q "SELECT * FROM one_pk" @@ -301,16 +301,16 @@ SQL # add some working changes dolt sql -q "INSERT INTO test VALUES (7,7);" - run dolt --user=dolt status + run dolt status [ "$status" -eq 0 ] [[ "$output" =~ "test" ]] || false dolt sql -q "CALL DOLT_RESET('--hard');" - run dolt --user=dolt status + run dolt status [ "$status" -eq 0 ] [[ "$output" =~ "working tree clean" ]] || false - run dolt --user=dolt sql -q "SELECT sum(pk), sum(c0) FROM test;" -r csv + run dolt sql -q "SELECT sum(pk), sum(c0) FROM test;" -r csv [ "$status" -eq 0 ] [[ "$output" =~ "6,6" ]] || false @@ -318,10 +318,10 @@ SQL INSERT INTO test VALUES (8,8); CALL DOLT_RESET('--hard');" - run dolt --user=dolt status + run dolt status [ "$status" -eq 0 ] [[ "$output" =~ "working tree clean" ]] || false - run dolt --user=dolt sql -q "SELECT sum(pk), sum(c0) FROM test;" -r csv + run dolt sql -q "SELECT sum(pk), sum(c0) FROM test;" -r csv [ "$status" -eq 0 ] [[ "$output" =~ "6,6" ]] || false } @@ -567,7 +567,7 @@ SQL [[ $output =~ " 21 " ]] || false [[ $output =~ " 60 " ]] || false - run dolt --user=dolt status + run dolt status [ $status -eq 0 ] [[ "$output" =~ "nothing to commit, working tree clean" ]] || false } @@ -653,7 +653,7 @@ SQL # create a new database and table and rerun dolt sql -q "CREATE DATABASE testdb" - dolt --port $PORT --host 0.0.0.0 --no-tls -u dolt --use-db '' sql -q "CREATE TABLE testdb.one_pk ( + dolt --port $PORT --host 0.0.0.0 --no-tls --use-db '' sql -q "CREATE TABLE testdb.one_pk ( pk int, PRIMARY KEY (pk))" @@ -689,11 +689,11 @@ SQL # verify changes outside the session cd repo2 - run dolt --user=dolt sql -q "show tables" + run dolt sql -q "show tables" [ "$status" -eq 0 ] [[ "$output" =~ "one_pk" ]] || false - run dolt --user=dolt sql -q "select * from one_pk" + run dolt sql -q "select * from one_pk" [ "$status" -eq 0 ] [[ "$output" =~ " 0 " ]] || false [[ "$output" =~ " 1 " ]] || false @@ -744,7 +744,7 @@ SQL [ "$status" -eq 0 ] [[ "$output" =~ "one_pk" ]] || false - run dolt --verbose-engine-setup --user=dolt --use-db repo1 sql -q "drop table one_pk" + run dolt --verbose-engine-setup --use-db repo1 sql -q "drop table one_pk" [ "$status" -eq 0 ] [[ "$output" =~ "starting remote mode" ]] || false @@ -886,8 +886,6 @@ SQL log_level: debug behavior: disable_client_multi_statements: true -user: - name: dolt listener: host: "0.0.0.0" port: $PORT @@ -905,7 +903,7 @@ import time i=0 while True: try: - with mysql.connector.connect(host="127.0.0.1", user="dolt", port='"$PORT"', database="repo1", connection_timeout=1) as c: + with mysql.connector.connect(host="127.0.0.1", user="root", port='"$PORT"', database="repo1", connection_timeout=1) as c: cursor = c.cursor() cursor.execute(""" CREATE TRIGGER test_on_insert BEFORE INSERT ON test @@ -934,8 +932,6 @@ END""") PORT=$( definePORT ) cat >config.yml <> log.txt 2>&1 & + dolt sql-server --port $PORT >> log.txt 2>&1 & SERVER_PID=$! wait_for_connection $PORT 8500 @@ -1509,10 +1505,6 @@ data_dir: $DATA_DIR [ "$status" -eq 0 ] [ "${#lines[@]}" -eq 1 ] - run dolt --user=dolt sql -q "select 1" - [ "$status" -eq 0 ] - [[ "$output" =~ "1" ]] || false - run dolt sql -q "select 1" [ "$status" -eq 0 ] [[ "$output" =~ "1" ]] || false @@ -1524,7 +1516,7 @@ data_dir: $DATA_DIR DEFAULT_DB="repo2" PORT=$( definePORT ) - dolt sql-server --port $PORT --user dolt --socket > log.txt 2>&1 & + dolt sql-server --port $PORT --socket > log.txt 2>&1 & SERVER_PID=$! wait_for_connection $PORT 8500 @@ -1547,7 +1539,7 @@ data_dir: $DATA_DIR REPO_NAME=$output secondPORT=$( definePORT ) - dolt sql-server --port=$secondPORT --socket="$REPO_NAME/mysql.sock" --user dolt > log.txt 2>&1 & + dolt sql-server --port=$secondPORT --socket="$REPO_NAME/mysql.sock" > log.txt 2>&1 & SECOND_SERVER_PID=$! run wait_for_connection $secondPORT 8500 [ "$status" -eq 0 ] @@ -1623,7 +1615,7 @@ behavior: dolt init PORT=$( definePORT ) - dolt sql-server --host 0.0.0.0 --port=$PORT --user dolt --socket "dolt.$PORT.sock" & + dolt sql-server --host 0.0.0.0 --port=$PORT --socket "dolt.$PORT.sock" & SERVER_PID=$! # will get killed by teardown_common wait_for_connection $PORT 8500 @@ -1846,7 +1838,7 @@ behavior: run dolt sql -q "call dolt_checkout('other'); call dolt_branch('-m', 'other', 'newOther'); select active_branch();" [ $status -eq 0 ] [[ "$output" =~ "newOther" ]] || false - run dolt --user dolt branch + run dolt branch [ $status -eq 0 ] [[ "$output" =~ "newOther" ]] || false [[ "$output" =~ "main" ]] || false